A password store for the AccountManagerPlugin using LDAP

Description

This plugin is a password store for the AccountManagerPlugin that provides authentication and group membership from an LDAP service.
Users are authenticated by performing an LDAP bind against a directory using their credentials. The plugin will also pull the email address and username from the directory and populate the session_attribute table.

[trac]
...
permission_store=DefaultPermissionStore

[account-manager]
...
password_store=LdapAuthStore

[components]
acct_mgr.admin.accountmanageradminpage=enabled
acct_mgr.api.accountmanager=enabled
acct_mgr.web_ui.accountmodule=enabled
acct_mgr.web_ui.loginmodule=enabled
trac.web.auth.loginmodule=disabled
...
ldapplugin.*=enabled
ldapauthstore.*=enabled

[ldap]
# enable LDAP support for Trac
enable=true
# enable TLS support
use_tls=false
# LDAP directory host
host=localhost
# LDAP directory port (default port for LDAPS/TLS connections is 636)
port=389
# BaseDN
basedn=dc=example,dc=com
# Relative DN for users (defaults to none)
user_rdn=ou=people
# Relative DN for group of names (defaults to none)
group_rdn=ou=groups
# objectclass for groups
groupname=groupOfNames
# dn entry in a groupname
groupmember=member
# attribute name for a group
groupattr=cn
# attribute name for a user
uidattr=uid
# attribute name to store trac permission
permattr=tracperm
# filter to search for dn with 'permattr' attributes
permfilter=objectclass=*
# time, in seconds, before a cached entry is purged out of the local cache.
cache_ttl=900
# maximum number of entries in the cache
cache_size=100
# whether to perform an authenticated bind for group resolution
group_bind=yes
# whether to perform an authenticated bind for permission store operations
store_bind=true
# user for authenticated connection to the LDAP directory
bind_user=cn=anonbind,dc=example,dc=com
# password for authenticated connection
bind_passwd=anonbind
# global permissions (vs. per-environment permissions)
global_perms=false
# group permissions are managed as addition/removal to the LDAP directory groups
manage_groups=true
# whether a group member contains the full dn or a simple uid
groupmemberisdn=yes
...
#
# ldapauthstore settings
#
#--- from #1147, not present in #1600
# default: basedn_filter = objectClass=*
#basedn_filter = objectClass=inetOrgPerson
#---
# default: name = name
name=cn
# default: email = email
email=mail
#--- from #1600, not present in #1147
# users must be in this group to use trac
allusers_group=tracusers
#---
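
The use_tls, host, bind_passwd and allusers_group settings above decide how the bind credentials are protected and who may log in. The check below is an added example, not code from the plugin or from the original page; it reads an [ldap] section and reports the risky combinations. The function names, the sample host ldap.example.com, the truthy spellings, the defaults for absent keys and the use of simple binds are assumptions.

```python
import configparser
import ipaddress

# Constructed sample using the [ldap] keys shown on this page.
SAMPLE_INI = """\
[ldap]
use_tls=false
host=ldap.example.com
port=389
bind_user=cn=anonbind,dc=example,dc=com
bind_passwd=anonbind
"""

TRUE_VALUES = {"true", "yes", "on", "1", "enabled"}  # assumed truthy spellings


def is_loopback(host):
    """True when host is the local machine, so binds never leave it."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def audit_ldap_section(ini_text):
    """Return (key, finding) pairs for risky [ldap] settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("ldap"):
        return [("ldap", "section missing")]
    ldap = cp["ldap"]
    findings = []
    # Assumption: an absent use_tls means false, an absent host means localhost.
    tls = ldap.get("use_tls", "false").strip().lower() in TRUE_VALUES
    host = ldap.get("host", "localhost").strip()
    if not tls and not is_loopback(host):
        findings.append(("use_tls", "simple binds to %s send user and "
                         "service passwords in cleartext" % host))
    if ldap.get("bind_passwd", "").strip():
        findings.append(("bind_passwd", "service password is stored in "
                         "trac.ini; restrict read access to the file"))
    if not ldap.get("allusers_group", "").strip():
        findings.append(("allusers_group", "unset: login is not limited "
                         "to members of one group"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_ldap_section(SAMPLE_INI):
        print(key, "-", finding)
```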